实验报告hcna综合实验.docx
《实验报告hcna综合实验.docx》由会员分享,可在线阅读,更多相关《实验报告hcna综合实验.docx(16页珍藏版)》请在冰点文库上搜索。
实验报告hcna综合实验
HCNA实验手册
组名:
一班一组
班级:
网络安全一班
实验:
HCNA综合实验
实验目的:
1掌握hcna所学的所有技术的原理
2掌握HCNA所学的所有技术的命令配置
1所使用的技术:
vlanacl三层技术natgvrpvrrpstpip
技术原理:
1vlan:
虚拟局域网
2acl:
访问控制列表
3三层技术:
实验vlan间互通
4nat:
网络地址转换
5gvrp:
vlan注册技术
6vrrp:
虚拟路由冗余协议
7stp:
生成树
8ip:
网际协议:
实验拓扑:
操作步骤:
要求一:
内部客户端A属于VLAN10,内部客户端B属于VLAN20;
1.内部客户端A属于VLAN10
二层交换机
Sys
SYSname2SWA
1.2SWA
创建vlan
vlanbatch10
interfaceEthernet0/0/5
portlink-typeaccess
portdefaultvlan10
interfaceEth-Trunk1
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
2内部客户端B属于VLAN20;
二层交换机
Sys
Sysname2SWB
创建vlan20
2.2SWB
vlanbatch20
interfaceEthernet0/0/5
portlink-typeaccess
portdefaultvlan20
interfaceEth-Trunk3
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
3.3SWA
#
interfaceEth-Trunk1
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceEth-Trunk3
portlink-typetrunk
porttrunkallow-passvlan2to4094
要求二:
内部三台交换机之间的双链路使用以太通道将链路聚合;
创建链路聚合(1通道和3通道)
三层交换机
3SWA
#
interfaceEth-Trunk1
portlink-typetrunk
porttrunkallow-passvlan2to4094
gvrp
#
interfaceEth-Trunk3
portlink-typetrunk
porttrunkallow-passvlan2to4094
gvrp
interfaceGigabitEthernet0/0/5
eth-trunk1
#
interfaceGigabitEthernet0/0/6
eth-trunk1
#
interfaceGigabitEthernet0/0/7
eth-trunk3
#
interfaceGigabitEthernet0/0/8
eth-trunk3
2SWA:
创建链路聚合(1通道和2通道)
#
interfaceEth-Trunk1
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceGigabitEthernet0/0/1
eth-trunk1
#
interfaceGigabitEthernet0/0/2
eth-trunk1
interfaceEth-Trunk2
#
interfaceEthernet0/0/1
eth-trunk2
#
interfaceEthernet0/0/2
eth-trunk2
3SWB
创建链路聚合(1通道和2通道)
interfaceEth-Trunk2
interfaceEth-Trunk3
portlink-typetrunk
porttrunkallow-passvlan2to4094
#
interfaceEthernet0/0/1
eth-trunk2
#
interfaceEthernet0/0/2
eth-trunk2
#
interfaceGigabitEthernet0/0/1
eth-trunk3
#
interfaceGigabitEthernet0/0/2
eth-trunk3
要求三:
内部三台交换机使用GVRP协议同步VLAN数据,内部三层交换机为SERVER角色;
1三层交换机
3SWA
gvrp
#
interfaceEth-Trunk1
portlink-typetrunk
porttrunkallow-passvlan2to4094
gvrp
#
interfaceEth-Trunk3
portlink-typetrunk
porttrunkallow-passvlan2to4094
gvrp
要求四:
阻塞内部二层交换机B上面向内部交换机A的两个端口;
三层交换机
3SWA
设置生成树的优先级为主优先
stpinstance0rootprimary
2swA
设置生成树的优先级为次优先
stpinstance0rootsecondary
2SWB
堵塞成功
要求五:
边界两台路由器实现网关冗余,要求默认流量从边界路由器A向外传输;
边界路由器
BRA
interfaceGigabitEthernet0/0/1
ipaddress192.168.0.129255.255.255.224
vrrpvrid1virtual-ip192.168.0.131
vrrpvrid1priority200
BRB
interfaceGigabitEthernet0/0/1
ipaddress192.168.0.130255.255.255.224
vrrpvrid1virtual-ip192.168.0.131
要求六:
内部路由使用OSPF协议;
边界路由器
BRA
ospf1
default-route-advertise
area0.0.0.0
network192.168.0.1290.0.0.0
--------------------------------------------------------
BRB
ospf1
default-route-advertise
area0.0.0.0
network192.168.0.1300.0.0.0
三层交换机
3SWA
ospf1
area0.0.0.0
network192.168.0.1610.0.0.0
network192.168.0.1930.0.0.0
network192.168.0.340.0.0.0
network192.168.0.660.0.0.0
内部路由器
RA
ospf1
area0.0.0.0
network192.168.0.20.0.0.0
network192.168.0.2250.0.0.0
RB
ospf1
area0.0.0.0
network192.168.0.980.0.0.0
network192.168.0.2260.0.0.0
要求七:
分别映射两台WEB服务器的TCP80端口至两台边界路由器的外部端口;
边界路由器
BRA
interfaceSerial1/0/0
link-protocolppp
ipaddress202.102.24.98255.255.255.252
natstaticglobal202.102.24.96inside192.168.0.1netmask255.255.255.255acl3000
BRB
interfaceSerial1/0/0
link-protocolppp
ipaddress102.202.249.194255.255.255.252natstaticglobal102.202.249.192inside192.168.0.97netmask255.255.255.255acl3001
要求八:
不允许内部客户端A访问WEB服务器A;不允许内部客户端B访问WEB服务器的TCP80端口。
RA
aclnumber2000
rule1denysource192.168.0.320
interfaceGigabitEthernet0/0/0
ipaddress192.168.0.225255.255.255.224
traffic-filterinboundacl2000
RB
aclnumber3002
rule1denytcpsource192.168.0.640destination-porteqwww
interfaceGigabitEthernet0/0/0
ipaddress192.168.0.226255.255.255.224
traffic-filterinboundacl3002
基本配置九:
ip地址的配置和一些vlan
ISP
interfaceSerial1/0/0
link-protocolppp
ipaddress202.102.24.97255.255.255.252
interfaceSerial1/0/1
link-protocolppp
ipaddress102.202.249.193255.255.255.252
BRA
interfaceSerial1/0/0
link-protocolppp
ipaddress202.102.24.98255.255.255.252
interfaceGigabitEthernet0/0/1
ipaddress192.168.0.129255.255.255.224
BRB
interfaceSerial1/0/0
link-protocolppp
ipaddress102.202.249.194255.255.255.252
interfaceGigabitEthernet0/0/1
ipaddress192.168.0.130255.255.255.224
RA
interfaceGigabitEthernet0/0/0
ipaddress192.168.0.225255.255.255.224
#
interfaceGigabitEthernet0/0/1
ipaddress192.168.0.2255.255.255.224
RB
interfaceGigabitEthernet0/0/0
ipaddress192.168.0.226255.255.255.224
#
interfaceGigabitEthernet0/0/1
ipaddress192.168.0.98255.255.255.224
3SWA
interfaceGigabitEthernet0/0/1
portlink-typeaccess
portdefaultvlan30
#
interfaceGigabitEthernet0/0/2
portlink-typeaccess
portdefaultvlan30
#
interfaceGigabitEthernet0/0/3
portlink-typeaccess
portdefaultvlan100
#
interfaceGigabitEthernet0/0/4
portlink-typeaccess
portdefaultvlan100
interfaceVlanif10
ipaddress192.168.0.34255.255.255.224
#
interfaceVlanif20
ipaddress192.168.0.66255.255.255.224
#
interfaceVlanif30
ipaddress192.168.0.161255.255.255.224
#
interfaceVlanif100
ipaddress192.168.0.193255.255.255.224
步骤七:
测试
注意事项
1公网地址的使用
2Ip地址的规划
3应用nat的时候端口一定不要映射错误(比如nat映射在了内网接口中)
升级会员 